During this current decade we have gone from $37bn to over $96bn worth of annual information security spending, yet by whatever metric you want to use - the number of data breaches or the number of viruses for example - the picture is rather bleak. We’re spending more money but we’re getting more security breaches, so something isn’t working. The focus needs to shift; Mobile First or Cloud First is all well and good, but what about the user?
Putting the user first was the centre of discussion at our Mobile IT User Forum in Bristol at the beginning of the month. “At Bridgeway our job is to securely enable business productivity, making sure that the users are receiving the productivity tools that they need in order to deliver their job to the organisation’s desires and goals,” said Bridgeway Managing Director Jason Holloway. “Put simply, it's all about me getting my stuff, securely, easily and ideally in an auditable manner.”
As Jason explained at the event, “What we end up seeing is a mobility life cycle very similar to the Gartner Hype cycle where the initial driver of the project is typically driven by a senior manager wanting to have email on the device. It rapidly grows and grows in terms of visibility and also expectations from the users, and then after that peak of inflated expectation, we see the reverse slope where users needs and expectations are not often met.”
Dave Weeden from MobileIron, who spoke about the current trends around Modern Work, added, “In the mind of a user, when you put too tight security in the mix they end up thinking, ‘you know what, I can’t get my stuff, but I can find a way around it.' As a result the whole security policy can implode on itself; nothing works and the data is insecure, employees find ways to navigate around the restrictions, and as a business leader you have no control of the business. And this is one of the lesser known issues - having too many restrictions on a device can actually subvert security solutions."
"First and foremost the user is the person you are trusting to be compliant, the user is the person who has to buy in to what you want to do," added Dave. "If you can’t get the user on board, no policy put in place will ever work.”
We are seeing a growing trend of vendors putting the user first. Burak Agca from leading mobile and app security company Lookout, who also presented at the event, said his company were doing all they can to make sure threat detection is as unintrusive as possible for the user, with a zero touch experience. “The user will not have to click on anything for our app to be installed and for conditional access controls to be put in place, ensuring that device attestation happens before a second factor of authentication is put in and the user is granted access,” said Burak. “And that is key: do you want an unhealthy device accessing your network today?"
There's so much to consider with InfoSec but shifting your mindset to really consider your users' points of view is crucial to a resilient, efficient and of course, secure, digital transformation. When you have alignment of the mobility project with both the needs of the business and the end user, you're on the road to lasting success.
If this resonates with you, and you'd like to find out more about how we can help with your mobility project, do get in touch.